NIST releases proposed cybersecurity framework

One of the most difficult aspects of dealing with technology for a major company is the complete lack of standards. In a complex and quickly changing environment like IT, standards are proposed frequently, but seldom have the staying power to be used as a barometer for success. The National Institute of Science and Technology (NIST) is hoping to change that by releasing cybersecurity standards that would hold companies accountable to more than just an anti-virus suite and crossed fingers.

The NIST released its preliminary plan on Oct. 22, which is intended to act as the basis for improved control over IT infrastructure for companies in all sectors. While not mandatory, the list will be a repository for best practices, and will rely on active engagement from those in the tech community to test its validity.

Given the gargantuan cost of cybersecurity, this set of standards should be a good place to start for less tech-savvy companies that are looking for guidance in an effort to more effectively address cyber risk. The “Preliminary Cybersecurity Framework” will outline steps that can be changed or customized contingent on the size and type of company in which it’s being implemented. This initial release will be followed by a 45-day public comment period and an official release that will compile valid commentary in February, according to Secretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher.

“We want to turn today's best practices into common practices, and better equip organizations to understand that good cybersecurity risk management is good business,” Gallagher said in a statement. “The framework will be a living document that allows for continuous improvement as technologies and threats evolve. Industry now has the opportunity to create a more secure world by taking ownership of the framework and including cyber risks in overall risk management strategies.”

A set of standards to follow is certainly welcome in a space where up to 75 percent of companies are moderately vulnerable to attacks on their IT infrastructure. With help from the public, the NIST standards could become that much-needed barometer for success.